The Michigan Department of Management, Technology and Budget, which includes the state’s information technology office, announced Tuesday that Chris DeRusha has been named the state’s top cybersecurity official. DeRusha had previously been the deputy to Michigan’s former chief security officer, Rajiv Das, who stepped down last December.
DeRusha’s promotion was announced in a post on DTMB’s LinkedIn page.
As chief security officer, DeRusha will be responsible for safeguarding Michigan’s state government from internal and external cyberthreats and leading the response if an agency is compromised. The CSO also serves as the state’s liaison to federal cybersecurity officials, including the U.S. Computer Emergency Readiness Team, as well as intergovernmental groups like the Multi-State Information Sharing and Analysis Center. DeRusha will also oversee the Michigan Civilian Cyber Corps, a group of cybersecurity professionals who can be called in to assist the government in the event the governor declares a state of emergency.
Before joining the Michigan government last April, DeRusha spent seven years as a cybersecurity adviser in the Obama administration. Between 2009 and 2015, he worked for the office that is now known as the Cybersecurity and Infrastructure Security Agency. He later took a position in the White House Office of Management and Budget. In between his White House and Michigan jobs, he worked for a year as an application security manager for the Ford Motor Company.
As the deputy CSO last year, DeRusha promoted Michigan’s “CISO-as-a-service” program, a pilot project in which the state conducted risk assessments, vulnerability scans and other cybersecurity measures that a chief information security officer would conduct for local governments that didn’t have the resources to do on their own. At a conference in Baltimore in October, DeRusha suggested the program could eventually be spun off into a self-sustaining nonprofit enterprise.
Under Das, Michigan’s cybersecurity office had a $40 million budget and a staff of 150 state employees and contractors. The chief security officer is one of the top roles at DTMB, but the administration of Gov. Gretchen Whitmer, who took office last month, has said little about information technology policy.
Whitmer appointed Tricia Foster, a former executive with the commercial real estate firm CBRE to lead the department, which consistent with its name also includes the state budget and procurement offices. But while Foster’s predecessor, Dave DeVries, also served as the statewide chief information officer, Whitmer’s administration has said Foster’s position does not include CIO duties.